1 Hidden Exponent RSA and Efficient Key Distribution author: He Ge Cryptology ePrint Archive 2005/325 PDFPDF 報告人：陳昱升.

Slides:

Advertisements

Similar presentations

The Diffie-Hellman Algorithm

Advertisements

Public Key Cryptography Nick Feamster CS 6262 Spring 2009.

Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.

Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Cryptography and Network Security

CSE331: Introduction to Networks and Security Lecture 19 Fall 2002.

Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.

1 Key Management in Mobile Ad Hoc Networks Presented by Edith Ngai Spring 2003.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Introduction to Signcryption November 22, /11/2004 Signcryption Public Key (PK) Cryptography Discovering Public Key (PK) cryptography has made.

CS470, A.SelcukPublic Key Cryptography1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.

Public Key Algorithms 4/17/2017 M. Chatterjee.

1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

A Lightweight Hop-by-Hop Authentication Protocol For Ad- Hoc Networks Speaker: Hsien-Pang Tsai Teacher: Kai-Wei Ke Date:2005/01/20.

Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,

Improvement of Hwang-Lo-Lin scheme based on an ID-based cryptosystem No author given (Korea information security Agency) Presented by J.Liu.

CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.

Cryptography and Network Security Chapter 13

Computer Science Public Key Management Lecture 5.

Information Security and Management 13. Digital Signatures and Authentication Protocols Chih-Hung Wang Fall

1 Public-Key Cryptography and Message Authentication Ola Flygt Växjö University, Sweden

Lecture 8 Digital Signatures. This lecture considers techniques designed to provide the digital counterpart to a handwritten signature. A digital signature.

Bob can sign a message using a digital signature generation algorithm

1 Lect. 15 : Digital Signatures RSA, ElGamal, DSA, KCDSA, Schnorr.

The RSA Algorithm Rocky K. C. Chang, March

Information Security Principles Assistant Professor Dr. Sana’a Wafa Al-Sayegh 1 st Semester ITGD 2202 University of Palestine.

An Efficient Identity-based Cryptosystem for

KAIS T A lightweight secure protocol for wireless sensor networks 윤주범 ELSEVIER Mar

RSA Ramki Thurimella.

10/1/2015 9:38:06 AM1AIIS. OUTLINE Introduction Goals In Cryptography Secrete Key Cryptography Public Key Cryptograpgy Digital Signatures 2 10/1/2015.

Cyrtographic Security Identity-based Encryption 1Dennis Kafura – CS5204 – Operating Systems.

Topic 22: Digital Schemes (2)

Midterm Review Cryptography & Network Security

Lecture 3.4: Public Key Cryptography IV CS 436/636/736 Spring 2013 Nitesh Saxena.

BASIC CRYPTOGRAPHIC CONCEPTS. Public Key Cryptography  Uses two keys for every simplex logical communication link.  Public key  Private key  The use.

Cryptography and Network Security (CS435) Part Eight (Key Management)

Public Key Cryptography. symmetric key crypto requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if.

1 Public-Key Cryptography and Message Authentication.

Cryptography and Network Security Chapter 13 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Signcryption Parshuram Budhathoki Department of Mathematical Sciences Florida Atlantic University April 18, 2013

Public Key Encryption with keyword Search Author: Dan Boneh Rafail Ostroversity Giovanni Di Crescenzo Giuseppe Persiano Presenter: 陳昱圻.

Cryptography and Network Security Chapter 13 Fourth Edition by William Stallings.

PUBLIC-KEY CRYPTOGRAPH IT 352 : Lecture 2- part3 Najwa AlGhamdi, MSc – 2012 /1433.

Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.

24-Nov-15Security Cryptography Cryptography is the science and art of transforming messages to make them secure and immune to attacks. It involves plaintext,

Chapter 3 – Public Key Cryptography and RSA (A). Private-Key Cryptography traditional private/secret/single-key cryptography uses one key shared by both.

Chapter 9 Public Key Cryptography and RSA. Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender.

1 Chapter 10: Key Management in Public key cryptosystems Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Modified by Prof. M. Singhal,

Prepared by Dr. Lamiaa Elshenawy

A new provably secure certificateless short signature scheme Authors: K.Y. Choi, J.H. Park, D.H. Lee Source: Comput. Math. Appl. (IF:1.472) Vol. 61, 2011,

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Cryptographic Security Identity-Based Encryption.

CS 4803 Fall 04 Public Key Algorithms. Modular Arithmetic n Public key algorithms are based on modular arithmetic. n Modular addition. n Modular multiplication.

Key Management Network Systems Security Mort Anvari.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

1 An Ordered Multi-Proxy Multi-Signature Scheme Authors: Min-Shiang Hwang, Shiang-Feng Tzeng, Shu-Fen Chiou Speaker: Shu-Fen Chiou.

Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.

ICICS2002, Singapore 1 A Group Signature Scheme Committing the Group Toru Nakanishi, Masayuki Tao, and Yuji Sugiyama Dept. of Communication Network Engineering.

1 Chapter 3-3 Key Distribution. 2 Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution.

Diffie-Hellman Key Exchange first public-key type scheme proposed by Diffie & Hellman in 1976 along with the exposition of public key concepts – note:

Introduction to Elliptic Curve Cryptography CSCI 5857: Encoding and Encryption.

Key Generation Protocol in IBC Author ： Dhruti Sharma and Devesh Jinwala 論文報告 2015/12/24 董晏彰 1.

1 The RSA Algorithm Rocky K. C. Chang February 23, 2007.

Cryptography and Network Security Chapter 13

Fourth Edition by William Stallings Lecture slides by Lawrie Brown

Digital signatures.

The Application of Elliptic Curves Cryptography in Embedded Systems

Presentation transcript:

1 Hidden Exponent RSA and Efficient Key Distribution author: He Ge Cryptology ePrint Archive 2005/325 PDFPDF 報告人：陳昱升

2 Abstract A variant of RSA public key scheme –called Hidden Exponent RSA scheme Based on this new scheme, we devised an efficient lightweight key management scheme and show that it is secure under the strong RSA assumption.

3 Outline Introduction RSA scheme Hidden Exponent RSA scheme Efficient Key Management Scheme Strong RSA Assumption Proof of the proposed scheme

4 Introduction Pervasive computing –computation can be carried out anywhere by any possible electronic devices. –eg: mobile computing, wireless Ad Hoc network, sensor network, etc. Key distribution/management problem –common secret keys in these devices compromise of some devices will reveal all communication. –public key cryptography consume lots of resources.

5 RSA Scheme e may be small (3, or 2^16+1) But d should be fairly large (above 1000 bit) to prevent attack

6 Hidden Exponent RSA scheme We choose d,k 160 bit, the encryption needs about 320 multiplication, while decryption needs about 160 multiplications. Total cost are about 480 multiplication. A balance of computation overhead for encryption and decryption. We can safely choose small d : When we hide e as the discrete logarithm of E, small decryption exponent attack will not be effective anymore.

7 Hidden Exponent RSA scheme To encrypt a random message

8 An Efficient Key Management Scheme Key generation center(KGC) generates many keypairs and distributes each keypair to each device. Keypair holders can implement an authenticated key exchange.

9 Parameter Setting of KGC

10 Keypair Generation To generate a keypair for a device –KGC picks random prime d (160 bit) and t (24 bit) –KGC computes –d is the private key and ( E,t ) is the public key – t is the unique identifier to represent a valid keypair. We will show that (d,E,t) is unforgeable.

11 Authenticated Key Exchange A randomly choose r a B randomly choose r b private d a public (, t a )public (, t b )private d b verify exchange

12 Traditional Authenticated Key Exchange A randomly choose r a B randomly choose r b private d a public (n a,e a )public (n b,e b )private d b Verify that the received public key has been authenticated by KAC. exchange

13 Comparison Traditional scheme New scheme Communication payload 3072 bits for each party 2048 bits for each party Modular multiplication 1344 ( *2) multiplication 480 (160*3) Multiplication

14 Strong RSA Assumption

15 Infeasible to forge a valid key Thm 1. Keypair Unforgeable Under the strong RSA assumption, there exists no polynomial time algorithm which takes a list of valid keypairs, (d 1,E 1,t 1 ), (d 2,E 2,t 2 ), …, (d k,E k,t k ) and produces a new keypair (d,E,t) such that E dt =g (mod n) such t≠t i for i=1,…,k.

16 Proof of Keypair Unforgeability Proof. (Illustration) –Suppose we have polynomial-time algorithm A which can compute a new valid keypair based on the available keypairs. A We use (d,t,E) to find a pair (y,t) such that y t =u (mod n). g n H

17 Proof of Keypair Unforgeability Proof. (Sketch)

18 Conclusion A public key scheme “Hidden Exponent RSA” Based on this scheme, we devised a lightweight key management scheme  Lower communication and computation overhead. Prove that the keypair forgery is infeasible under Strong RSA assumption.